PROPOSED AMENDMENTS TO THE CLAIMS 



1-41 (Cancelled). 

42. (Previously Presented) A method for adaptively generating exception rules to rejection rules 
for filtering messages, comprising: 

(a) receiving, by an intermediary device between a client and a server, a first 
message of a first user session, the first message having a first URL comprising a 
plurality of hierarchically related URL components, the plurality of hierarchically related 
URL components comprising a first URL component and a second URL component, the 
second URL component being a descendant of the first URL component; 

(b) rejecting, by the intermediary device, the first message based on a rejection 
rule that rejects messages having the first URL component; 

(c) maintaining, by the intermediary device, a first number of user sessions each 
having one or more messages rejected based on the first URL component; 

(d) maintaining, by the intermediary device, a second number of user sessions 
each having one or more messages rejected based on the second URL component; 

(e) determining, by the intermediary device, that the first number of user sessions 
exceeds a threshold and that the second number of user sessions does not exceed the 
threshold; 

(f) generating, by the intermediary device, an exception rule to the rejection rule 
responsive to the determination, the exception rule allowing messages having the first 
URL component to pass; 

(g) receiving, by the intermediary device, a second message of the first user 
session having the first URL component; and 

(h) allowing, by the intermediary device, the second message of the first user 
session to pass between the client and the server based on the exception rule that allows 
messages having the first URL component to pass. 

43. (Previously Presented) The method of claim 42, wherein step (e) comprises determining that 
the first number of user sessions exceeds the threshold, the first URL component having no 
descendants with a corresponding number of user sessions exceeding the threshold. 

44. (Previously Presented) The method of claim 42, wherein step (c) comprises determining that 
a function of the first number of user sessions and the second number of user sessions exceeds 
the threshold. 

45. (Previously Presented) The method of claim 44, further comprising defining the function as 
a function of the first number of user sessions and a number of user sessions corresponding to 
each descendant of the first URL component in messages received by the intermediary device. 

46. (Previously Presented) The method of claim 42, further comprising defining the threshold as 
a product of a total number of messages over a time interval and a percentage of the messages 
that should be allowed. 

47. (Previously Presented) The method of claim 42, further comprising generating the exception 
rule by inferencing a scalar data type of the descendants of the first URL component. 

48. (Previously Presented) The method of claim 44, further comprising defining the function as 
a direct count of the user sessions corresponding to the first URL component. 

49. (Previously Presented) The method of claim 44, further comprising defining the function as 
a weighted count of the user sessions corresponding to the first URL component. 

50. (Previously Presented) The method of claim 42, further comprising storing, by the 
intermediary device the URL in a trie structure, wherein each URL component of the plurality of 
hierarchically related URL components is associated with a node in the trie structure. 

51. (Previously Presented) The method of claim 44, further comprising storing, by the 
intermediary device the URL in a trie structure and maintaining the function in a node of the trie 
structure associated with the first URL component, wherein each URL component of the 
plurality of hierarchically related URL components is associated with a node in the trie structure. 

52. (Currently Amended) A system for adaptively generating exception rules to rejection rules 
for filtering messages received by an intermediary device, comprising: 

a filter [[means for]] receiving a first message of a first user session, the first message 
having a first URL, the first URL comprising a plurality of hierarchically related URL 
components, the plurality of hierarchically related URL components comprising a first 
URL component and a second URL component, the second URL component being a 
descendant of a first URL component, wherein the first message is rejected based on a 
rejection rule that rejects messages having the first URL component; and 

an engine means for maintaining, in memory, a first number of user sessions each 
having one or more messages rejected based on the first URL component, and a second 
number of user sessions each having one or more messages rejected based on the second 
URL component; means for determining that the first number of user sessions exceeds a 
threshold and that the second number of user sessions does not exceed the threshold; and 
[[means for]] generating an exception rule to the rejection rule for the first node associated 
with the first URL component responsive to the determination, the exception rule 
allowing messages having the first URL component to pass; 

wherein the filter [[means for]] receives[[ing]] a second message of the first user session 
having the first URL component; and [[means for]] allows[[ing]] the second message of the first 
user session to pass between the client and the server based on the exception rule that 
allows messages having the first URL component to pass. 

53. (Currently Amended) The system of claim 53, [[further comprising means for]] wherein the 
engine determines[[ing]] that the first number of user sessions exceeds the threshold, the first URL 
component having no descendants with a corresponding number of user sessions exceeding the 
threshold. 

54. (Currently Amended) The system of claim 53, [[further comprising means for]] wherein the 
engine determines[[ing]] that a function of the first number of user sessions and the second number 
of user sessions exceeds the threshold. 

55. (Previously Presented) The method of claim 54, wherein the function is a function of the 
first number of user sessions and a number of user sessions corresponding to each descendant of 
the first URL component in messages received by the device. 

56. (Previously Presented) The system of claim 53, wherein the threshold is a product of a total 
number of messages over a time interval and a percentage of the messages that should be 
allowed. 

57. (Previously Presented) The system of claim 53, wherein the exception rule is generated by 
inferencing a scalar data type of the descendants of the first URL. 

58. (Previously Presented) The system of claim 54, wherein the function is a direct count of the 
first number of user sessions corresponding to the first URL component. 

59. (Previously Presented) The system of claim 54, wherein the function is a weighted count of 
the number of user sessions corresponding to the first URL component. 

60. (Currently Amended) The system of claim 53, [[further comprising means for]] wherein the 
engine stores[[ing]] the URL in a trie structure such that each URL component of the plurality of 
hierarchically related URL components is associated with a node in the trie structure. 

61. (Currently Amended) The system of claim 54, [[further comprising means for]] wherein the 
engine stores[[ing]] the URL in a trie structure such that each URL component of the plurality of 
hierarchically related URL components is associated with a node in the trie structure, and 
[[means for]] maintains[[ing]] the function in a node of the trie structure associated with the first URL 
component. 

62. (Previously Presented) A method for adaptively generating exception rules to rejection rules 
for filtering messages, comprising: 

(a) receiving, by an intermediary device between a client and a server, a first 
message of a first user session, the first message having a first URL comprising a 
plurality of hierarchically related URL components, the plurality of hierarchically related 
URL components comprising a first URL component and a second URL component, the 
second URL component being a descendant of the first URL component; 

(b) rejecting, by the intermediary device, the first message based on a rejection 
rule that rejects messages having the first URL component; 

(c) maintaining, by the intermediary device, a first number of user sessions each 
having one or more messages rejected based on the first URL component; 

(d) maintaining, by the intermediary device, a second number of user sessions 
each having one or more messages rejected based on the second URL component; 

(e) determining, by the intermediary device, that the first number of user sessions 
exceeds a threshold and the second number of user sessions does not exceed the 
threshold; 

(f) generating, by the intermediary device, an exception rule to the rejection rule 
responsive to the determination, the exception rule allowing messages having the first 
URL component to pass; 

(g) receiving, by the intermediary device, a second message of the first user 
session having the first URL component; 

(h) identifying, by the intermediary device, that the second message having the 
first URL component is rejected by the rejection rule; 

(i) determining, by the intermediary device, that the rejection rule has an 
exception rule that may allow a message that has been rejected by the rejection rule to 
pass; and 

(j) allowing, by the intermediary device, the second message of the first user 
session to pass between the client and the server based on the exception rule that allows 
messages having the first URL component to pass. 
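
The per-node session counting and exception generation recited in claims 42, 43, 50 and 62, as an added Python sketch that is not part of the filing and not the applicant's implementation. It generalizes the two-component case to a trie of any depth; the class names, the "/shop" prefix used as a stand-in rejection rule, the threshold of 2 and the sample requests are all constructed assumptions.

```python
class Node:
    def __init__(self):
        self.children = {}     # URL component -> Node (one trie node per component)
        self.sessions = set()  # sessions with >= 1 rejected message through this node

class AdaptiveFilter:
    def __init__(self, blocked_prefix, threshold):
        self.blocked = self.split(blocked_prefix)  # assumed stand-in rejection rule
        self.threshold = threshold
        self.root = Node()
        self.exceptions = set()  # component paths allowed despite the rule

    @staticmethod
    def split(path):
        return tuple(p for p in path.split("/") if p)

    def _learn(self, node, path):
        # Returns True if this node or any descendant exceeds the threshold.
        deeper = False
        for part, child in node.children.items():
            deeper = self._learn(child, path + (part,)) or deeper
        over = len(node.sessions) > self.threshold
        if over and not deeper and path:
            # Over the threshold with no descendant over it: generate the exception.
            self.exceptions.add(path)
        return over or deeper

    def handle(self, session_id, url_path):
        parts = self.split(url_path)
        if parts[:len(self.blocked)] != self.blocked:
            return "pass"    # rejection rule does not match
        if any(parts[:i] in self.exceptions for i in range(1, len(parts) + 1)):
            return "pass"    # rule matched, but an exception rule covers the message
        node = self.root
        for part in parts:   # count the session once per component on the path
            node = node.children.setdefault(part, Node())
            node.sessions.add(session_id)
        self._learn(self.root, ())
        return "reject"

def demo():
    f = AdaptiveFilter("/shop", threshold=2)
    log = [("s1", "/shop/item/101"), ("s2", "/shop/item/102"),   # constructed requests
           ("s3", "/shop/item/103"), ("s1", "/shop/item/999"),
           ("s4", "/shop/admin")]
    return [f.handle(s, u) for s, u in log], f.exceptions
```

Because sessions are held in a set, repeated rejected messages from one session raise a node's count only once, so a single session cannot move a component over the threshold.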